IDA Pro Malware Analysis Tips

just wanna say thanks alot for this vid. i really learnt alot from your practical tips. the ida/debugger dll base address offsetting, explanations on breakpoint at ordinal vs dll entry point, etc. legit droppin gold nugs!

Thank you man :-) Really happy that I found your channel :-)

I loved the tutorial. thank you very much for your time and effort to bring it to us.

Thank you so much for everything, I'm learning a lot from your videos.

Your unpacking technique is saving me a lot of time everyday :)

Excellent video, thanks for making!

Awesome videooo loveeee it can't wait till you get into kernel so detailed I'm going to be watching your videos all day😊😊

This is awsome man...keep posting

Awsome video. Really enjoyed watching it

Truly epic tutorial! Kudo's guys. This is THE best IDA/Malware tutorial I have seen on the net. You guys surpass all! btw, did you know that if you place your cursor somewhere and press F4 it will run until that point. This works in most other debuggers and removes the need to manually set and remove breakpoints :) Also in the last exercise you guys are reversing a DLL. If you simply use View->Open subviews->Functions you should be able to see 'DllEntryPoint' therefore need not calculate DLL rebasing. Good practice though :) Stellar guys....just awesome :) More tutorials! pls I have learnt so much.

very useful video, made a lot of bookmarks

Excellent. Give us more.

I really appreciate this man! <3

the best ida tutorial ever seen.Cool

What was the plugin you have installed that caused the crash? I have the same problem. Also this is a fantastic tutorial, I really needed something like this to supplement while reading the IDA Pro book, so thanks a bunch.

You're awesome! Thank you for your time, efforts and knowledge :) Can you please make a video in which you make something like a long-term roadmap for beginners to learn malware analysis?

Amazing! Thanks!

Melhor dos treinamento, isso porque faço analise de malwares e apreendi muito com esses vídeos teóricos e práticos. Thanks.

Very good tutorial. Interesting observation though. In my setup I run two virtual win10 64bit. then the API call (openKeyexW) goes to kernelbase and not advapi32. IDA says advapi32 but if you follow the execution you will see that it goes to kernelbase.

First of all great tutorial. Just getting into Malware analysis (currently reading Practical Malware Analysis) and your tutorials are some of the best I've seen so far. Just a question regarding setting breakpoints after taking memory snapshots (I'm not sure it really makes sense). If ASLR is turned off, shouldn't the base of the exe + stack, heap and libraries be mapped to the same locations in memory, hence allowing you to keep the breakpoints from one run to the other after unpacking?